cryptolocker | 00435a08b43b2dbb71cf05bc790b34f48968f39ea275f353fbd38b3e8232d341 | Triage

Sharing

General

Target

00435a08b43b2dbb71cf05bc790b34f48968f39ea275f353fbd38b3e8232d341
Size

281KB
Sample

220419-c46xfsgdbr
MD5

e4bc87bca81c3e87431d2dd31f939818
SHA1

33f404242703dfd818e3b1c34b52ce07fb795923
SHA256

00435a08b43b2dbb71cf05bc790b34f48968f39ea275f353fbd38b3e8232d341
SHA512

674065bde341c1fccffc9d157f0ecf6ed27e78e848e1dead983c2d96835a4ae94ad69f296e3c2dc7fc24d7174fab6b2269e86ba7b81581adad41e8eb3c1b4331

Score

10^/10

cryptolocker persistence ransomware suricata

Malware Config

Targets

- Target
  
  Trojan.Ransom.CryptoLocker
- Size
  
  338KB
- MD5
  
  04fb36199787f2e3e2135611a38321eb
- SHA1
  
  65559245709fe98052eb284577f1fd61c01ad20d
- SHA256
  
  d765e722e295969c0a5c2d90f549db8b89ab617900bf4698db41c7cdad993bb9
- SHA512
  
  533d6603f6e2a77bd1b2c6591a135c4717753d53317c1be06e43774e896d9543bcd0ea6904a0688aa84b2d8424641d68994b1e7dc4aa46d66c36feecb6145444
Score

10^/10

cryptolocker persistence ransomware suricata
- CryptoLocker
  Ransomware family with multiple variants.
  ransomware cryptolocker
- suricata: ET MALWARE Possible Zeus GameOver/FluBot Related DGA NXDOMAIN Responses
  suricata: ET MALWARE Possible Zeus GameOver/FluBot Related DGA NXDOMAIN Responses
  suricata
- Executes dropped EXE
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

cryptolockerpersistenceransomwaresuricata

behavioral2

cryptolockerpersistenceransomwaresuricata